MPs criticise government approach to information assurance

MPs have urged the government to allocate more resources to information assurance, and warned that GCHQ does not have enough internet experts to deal with the growing cyber threat.

The Commons Intelligence and Security Committee argued in a new report that the government's cost cutting drive is likely to have a negative impact on the relevant agencies' abilities to deal with current threats, despite the commitment of £650m for a new cyber security programme.

"This will require tough decisions in the coming years. It is essential that the Spending Review settlement can be adjusted if there is a significant change in the threat," the report said.

More worryingly, the report cast doubt over the ability of GCHQ to carry out its role effectively.

"We are concerned about GCHQ's inability to retain a suitable cadre of internet specialists to respond to the threat. We therefore urge GCHQ to investigate what might be done within existing pay constraints to improve the situation," it said.

"We also recommend that the Cabinet Office, as lead department for cyber security, considers whether a system of bonuses for specialist skills, such as exists in the US, should be introduced."

The report also expressed concerns that GCHQ is unable to account for equipment worth up to £1m, and revealed that the lack of priority given to cyber security within government had led to funding shortfalls.

"The Committee is disappointed that government departments and agencies do not view investment in information assurance as important, and that this has led to GCHQ having to subsidise the Communications-Electronics Security Group by several million pounds a year," it said.

"We are concerned that there appears to have been little progress in achieving a resolution since last year. The deputy national security adviser must prioritise the development of an effective funding model, which should be implemented within the next six months."

The report covers the period 2010 to 2011, during which the government appeared to take a much more decisive lead on cyber security, allocating £650m to a national cyber security programme and pledging to work more closely with the private sector on policy.